Versions of popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites. Bug was publicly disclosed Monday by cybersecurity researcher Ling Yizhou, who also published two proof-of-concept attack scenarios. The bug, tracked as CVE-2021-3007, does not have a severity rating listed with MITRE. The maintainers of Zend are contesting whether or not the vulnerability classification is correct.
Source: https://threatpost.com/rce-bug-php-scripting-framework/162773/